package net.lab1024.sa.base.module.support.elasticsearch.domain.form;

import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;

import java.util.List;
import java.util.Map;

/**
 * 安全事件查询表单
 *
 * @author chenyuqiang
 * @date 2025-01-27 10:00:00
 */
@Data
@Schema(description = "安全事件查询表单")
public class EventBaseEsQueryForm {

    @Schema(description = "页码")
    private Integer pageNum = 1;

    @Schema(description = "每页大小")
    private Integer pageSize = 10;

    @Schema(description = "开始时间(UTC毫秒)")
    private Long startTime;

    @Schema(description = "结束时间(UTC毫秒)")
    private Long endTime;

    @Schema(description = "事件类型")
    private List<String> eventTypes;

    @Schema(description = "事件名称")
    private String eventName;

    @Schema(description = "危险等级")
    private List<Integer> severities;

    @Schema(description = "日志来源")
    private List<String> logSources;

    @Schema(description = "源IP")
    private String srcIp;

    @Schema(description = "目标IP")
    private String dstIp;

    @Schema(description = "设备名称")
    private String deviceName;

    @Schema(description = "设备IP")
    private String deviceIp;

    @Schema(description = "用户名")
    private String userName;

    @Schema(description = "处置结果")
    private String blocked;

    @Schema(description = "SOAR处置结果")
    private String action;

    @Schema(description = "排序字段")
    private String sortField = "@timestamp";

    @Schema(description = "排序顺序")
    private String sortOrder;

    @Schema(description = "聚合字段列表")
    private List<String> aggregationFields;

    @Schema(description = "索引名称")
    private String indexName;

    @Schema(description = "aisql")
    private String aisql;

    @Schema(description = "ES查询条件")
    private Map<String, Object> esQuery;

    @Schema(description = "开始时间")
    private String eventTimeBegin;

    @Schema(description = "结束时间")
    private String eventTimeEnd;

    @Schema(description = "日志类型")
    private Integer opnum;

    @Schema(description = "调用方式")
    private Integer optype;

    @Schema(description = "时间ID")
    private String eventId;



} 